This application relates generally to network security. More specifically, the disclosure provided herein relates to multilayered deception for intrusion detection and prevention.
Computer attacks are becoming increasingly sophisticated. Some attackers create attacks that operate over long periods of time and from multiple attack vectors. In some attacks, a computer intrusion is launched using a single event such as a phishing message or spear-phishing message to infect a computer of an employee or representative of a targeted organization. For example, attackers may send a phishing message or malware attachment to an employee of a company via email. When the employee opens or executes the message or attachment, the computer may be compromised and key loggers, viruses, worms, and/or other threats may be initiated at the target computer.
Detecting malicious activities, such as data exfiltration, can be a complex task that may require tracking network traffic data and/or log analysis. As mentioned above, the attacks sometimes can be initiated by a user clicking on a link or executable script or macro within a single email or message. As such, these and other types of threats sometimes are not detected until data has already been exploited by the attack. In other instances, an attack is not detected until it has already ended.